[tor-talk] Upcoming stable releases to fix a medium-severity security issue

Nick Mathewson nickm at torproject.org
Wed Feb 20 17:29:55 UTC 2019


Hi!

I'm planning to put out new Tor source releases some time Thursday or
Friday.  They will be versions 0.3.3.12, 0.3.4.11, 0.3.5.8, and
0.4.0.2-alpha.

These versions will, among the usual array of bugfixes, fix a
medium-severity security issue: a remote denial-of-service attack
vector against relays and clients running version 0.3.2.1-alpha and
later. While we don't currently know an exploit for the issue, we hope
that all affected relays will upgrade.  The issue is tracked as
TROVE-2019-001, Tor bug #29168, and CVE-2019-8955.

One more reminder: the 0.3.3.x series was scheduled to reach
end-of-life as of February 22.  We've extended that to February 28,
but after that date, there will be no more security updates for the
0.3.3.x series.  If you need a version that will receive long-term
support, we recommend that you stick with 0.3.5.x, which will be
supported until 2022.

best wishes,
-- 
Nick

